CodesEscape are now available to join waitlist
|Get started
Pakverse

.

Back to Home

Data Processing Addendum

Last Updated: April 24, 2023

This Data Processing Addendum ('DPA') forms part of the Terms of Service or other written or electronic agreement between Pakverse ('Processor') and the Customer ('Controller') for the provision of services ('Services') that involve the processing of personal data.

1. Definitions

In this DPA, the following terms shall have the meanings set out below:

  • 'Controller' means the entity which determines the purposes and means of the Processing of Personal Data.
  • 'Data Protection Laws' means all laws and regulations applicable to the Processing of Personal Data under the Agreement, including but not limited to the GDPR and the laws of Pakistan.
  • 'GDPR' means the General Data Protection Regulation (EU) 2016/679.
  • 'Personal Data' means any information relating to an identified or identifiable natural person.
  • 'Processing' means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means.
  • 'Processor' means the entity which Processes Personal Data on behalf of the Controller.
  • 'Sub-processor' means any Processor engaged by the Processor.

2. Processing of Personal Data

2.1 The Processor shall Process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by law; in such a case, the Processor shall inform the Controller of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest.

2.2 The Processor shall ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

2.3 The Processor shall take all measures required pursuant to Article 32 of the GDPR (Security of Processing).

2.4 The Processor shall respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another Processor (Sub-processor).

2.5 The Processor shall, taking into account the nature of the Processing, assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller's obligation to respond to requests for exercising the data subject's rights.

2.6 The Processor shall assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of Processing and the information available to the Processor.

2.7 At the choice of the Controller, the Processor shall delete or return all the Personal Data to the Controller after the end of the provision of Services relating to Processing, and delete existing copies unless law requires storage of the Personal Data.

2.8 The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

3. Sub-processors

3.1 The Controller hereby provides general written authorization for the Processor to engage Sub-processors. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of Sub-processors, thereby giving the Controller the opportunity to object to such changes.

3.2 Where the Processor engages a Sub-processor for carrying out specific Processing activities on behalf of the Controller, the same data protection obligations as set out in this DPA shall be imposed on that Sub-processor by way of a contract, in particular providing sufficient guarantees to implement appropriate technical and organizational measures. Where the Sub-processor fails to fulfill its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of the Sub-processor's obligations.

4. International Transfers

4.1 The Processor shall not transfer Personal Data to a country outside the European Economic Area without the prior written consent of the Controller, unless an adequate level of protection for the Personal Data is ensured in accordance with applicable Data Protection Laws.

5. Data Breach Notification

5.1 The Processor shall notify the Controller without undue delay after becoming aware of a Personal Data breach and shall provide all reasonable cooperation and assistance to the Controller in relation to any Personal Data breach.

6. Term and Termination

6.1 This DPA shall commence on the same date as the Agreement and shall continue in force until the Agreement is terminated or expires.

7. Governing Law

7.1 This DPA shall be governed by the laws of Pakistan and the parties submit to the exclusive jurisdiction of the courts of Pakistan for any disputes arising out of or in connection with this DPA.

8. Contact Information

If you have any questions about this Data Processing Addendum, please contact us:

Pakverse
Email: pakverseorg@gmail.com
Phone: +92 310 1288813

Other Policies

Privacy PolicyTerms of ServiceWebsite TermsData Processing AddendumAcceptable Use Policy

Need help?